Improved Login security

This commit is contained in:
delvh 2020-04-10 15:53:30 +02:00
parent 551f83672e
commit a457261ee5
2 changed files with 7 additions and 7 deletions

View File

@ -21,12 +21,12 @@
</arguments>
</buildCommand>
<buildCommand>
<name>org.eclipse.m2e.core.maven2Builder</name>
<name>org.hibernate.eclipse.console.hibernateBuilder</name>
<arguments>
</arguments>
</buildCommand>
<buildCommand>
<name>org.hibernate.eclipse.console.hibernateBuilder</name>
<name>org.eclipse.m2e.core.maven2Builder</name>
<arguments>
</arguments>
</buildCommand>

View File

@ -93,21 +93,21 @@ public class LoginCredentialProcessor implements ObjectProcessor<LoginCredential
// Checking if user is already online
if (connectionManager.isOnline(user.getID())) {
writeProxy.write(socketID, new HandshakeRejectionEvent(HandshakeRejectionEvent.ALREADY_ONLINE));
writeProxy.write(socketID, new HandshakeRejectionEvent(HandshakeRejectionEvent.INTERNAL_ERROR));
return null;
}
// Evaluating the correctness of the password hash
if (!Arrays.equals(credentials.getPasswordHash(), user.getPasswordHash())) {
writeProxy.write(socketID, new HandshakeRejectionEvent(HandshakeRejectionEvent.WRONG_PASSWORD));
writeProxy.write(socketID, new HandshakeRejectionEvent(HandshakeRejectionEvent.WRONG_PASSWORD_OR_USER));
return null;
}
return user;
} catch (NoResultException e) {
// Checking if user exists
writeProxy.write(socketID, new HandshakeRejectionEvent(HandshakeRejectionEvent.USER_DOES_NOT_EXIST));
writeProxy.write(socketID, new HandshakeRejectionEvent(HandshakeRejectionEvent.INTERNAL_ERROR));
} catch (InputMismatchException e) {
// Checking if the given password hash is correct
writeProxy.write(socketID, new HandshakeRejectionEvent(HandshakeRejectionEvent.WRONG_PASSWORD));
writeProxy.write(socketID, new HandshakeRejectionEvent(HandshakeRejectionEvent.WRONG_PASSWORD_OR_USER));
}
return null;
}
@ -127,7 +127,7 @@ public class LoginCredentialProcessor implements ObjectProcessor<LoginCredential
// Checking that no user already has this identifier
PersistenceManager.getInstance().getUserByName(credentials.getIdentifier());
// this code only gets executed if this user already exists
writeProxy.write(socketID, new HandshakeRejectionEvent(HandshakeRejectionEvent.USER_EXISTS_ALREADY));
writeProxy.write(socketID, new HandshakeRejectionEvent(HandshakeRejectionEvent.INTERNAL_ERROR));
return null;
} catch (NoResultException e) {
// Creation of a new user